The Enterprise Ethereum Alliance (EEA) announced the formation of the EEA EthTrust Security Levels Working Group, which will continue the advances begun by the Ethereum Trust Alliance (ETA), now part of the EEA, on the EthTrust project. The group aims to set standards for secure, smart contract transactions that are conducted within the Ethereum ecosystem.
In the Q&A below, EEA EthTrust Security Levels Working Group Co-Chairs Tom Lindeman, the former managing director of ETA, chair of the EEA Security Special Interest Group, co-founder of ConsenSys Diligence, and director of Strategic Initiatives, ConsenSys Software Inc. and Pierre-Alain Mouy, former ETA product owner and managing director at NVISO Security in Germany, provide an overview on the new working group.
What is the function of the EEA EthTrust Security Levels Working Group and why does it arise?
Today in the Ethereum ecosystem, a rating system to help users understand the level of trust and security for smart contracts do not exist. Think of it as a Michelin rating system for restaurants – you can get an idea of the quality and level of security audit ahead of time. Given that there are still so many issues and hacks with smart contracts today, we believe that the EEA EthTrust Security Levels Working Group will help drive trust and confidence in Ethereum as a global transaction layer in 2021.
When will we see the first security standards for smart contracts?
We have been working on the project for several months, and as a newly launched EEA initiative, we expect to see the first working system and specifications in Q1 of 2021.
Yes, this is certainly possible. Currently, we are focusing on getting this to a place for Ethereum as the EEA EthTrust Security Levels Working Group. The Working Group’s mission will be to continue the advances begun by the Ethereum Trust Alliance (ETA), now part of the EEA, on the EthTrust project, that will set standards for secure, smart contract transactions that are conducted within the Ethereum ecosystem.
What is the greatest vulnerability of smart contracts?
Smart contracts are more powerful and flexible than people realize. Even if the developers only intended for certain functions to be possible, it is often the case that other interactions may be possible. Since smart contracts are open and generally permissionless, anyone can interact with them and try to find coding mistakes, logic mistakes, or unintended exploits.
What role will EthTrust play in the evolution of DeFi?
Today only a percentage of smart contracts in the Defi space, especially in the new area of yield farming, are actually formally audited. This has to change, and once it is clear that projects that have EthTrust certified smart contracts are becoming the new normal and those projects are successful, we believe that it will essentially become a requirement for launching a new project when a user is deciding whether to stake their tokens in Pool A or Pool B, for example, the first thing they may check-in whether there is an EthTrust certificate.
What’s the best way to learn more about the Working Group?
For more information about joining the EEA EthTrust Security Levels Working Group, please visit https://entethalliance.org/participate/working_groups/ or reach out to [email protected].